To me, my biggest issue with scanning user data is accountability and transparency;
Who will audit false passive cases including reasons for unlocking data ?
How false positive cases will be investigated and by whom ? (in case it was intentional data unlocking, eg. corporate espionage)
How "victims" of false positive cases will be notified ?
Who will audit false passive cases including reasons for unlocking data ? How false positive cases will be investigated and by whom ? (in case it was intentional data unlocking, eg. corporate espionage) How "victims" of false positive cases will be notified ?